It is important that you and your staff be proactive in securing sensitive patient health information. It is equally important to instruct each employee on your privacy policy and what is expected of them when it comes to protecting patient health information. To ensure that everyone - patients and staff - is clear as to what your privacy practices are, they need to be set out in writing.

In our last Risk E-Notes we discussed the HIPAA regulation requiring that you post your Notice of Privacy Practices on your medical practice's website. As a result, we received a number of calls from members requesting sample copies of this document.  

Here is a link to a sample Privacy Policy prepared by the California Medical Association (CMA). This sample should be customized for your practice, and instructions for doing so are included on the sample.

Your office should also have a formal written Notice of Privacy Practices that is available for your patients. The Notice of Privacy Practices is a statement, modeled after your Privacy Policy, of how your practice uses and transfers patient information. Here is a link to a sample Notice of Privacy Practices prepared by the CMA.

If you have additional questions related to the issue, please call our Risk Management  Hotline at 800-252-0555.



Authored by
Ann Whitehead, RN, JD
CAP Risk Management & Patient Safety Department

 

Published comments of this information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.